The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.